Bernhard Mähr created SOLR-17858:
------------------------------------
Summary: [Regression] blockUnknow=false results in 401
Key: SOLR-17858
URL: https://issues.apache.org/jira/browse/SOLR-17858
Project: Solr
Issue Type: Bug
Components: Authentication
Affects Versions: 9.9
Reporter: Bernhard Mähr
The bug from https://issues.apache.org/jira/browse/SOLR-10530 was reintroduced
again.
When configuring security it is not possible to make for example search
requests unauthrozide, even when setting blockUnknown to false.
security.json
{noformat}
{
"authentication": {
"class": "solr.BasicAuthPlugin",
"credentials": {
"solr": "I....="
},
"realm": "My Solr users",
"forwardCredentials": false,
"blockUnknown": false
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin",
"permissions": [
{
"name": "query",
"role": null
},
{
"name": "update",
"role": null
},
{
"name": "security-edit",
"role": "admin"
},
{
"name": "all",
"role": "admin"
}
],
"user-role": {
"solr": "admin"
}
}
}
{noformat}
I still get
{noformat}
curl "http://localhost:8983/solr/vlx/select?q=*:*";
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 Authentication failed, Response code: 401</title>
</head>
<body><h2>HTTP ERROR 401 Authentication failed, Response code: 401</h2>
<table>
<tr><th>URI:</th><td>/solr/vlx/select</td></tr>
<tr><th>STATUS:</th><td>401</td></tr>
<tr><th>MESSAGE:</th><td>Authentication failed, Response code: 401</td></tr>
<tr><th>SERVLET:</th><td>default</td></tr>
</table></body>
</html>{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
